You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Spylocked - Not Completely Gone (?)

First, I know nothing about computers, so I need all this explained to me.I got Spylocked on my computer. I followed the "Automatic" instructions from the Spylocked guide on this website (uses SmitFraudFix) and it fixed almost everything. However, a McAfee scan found (and couldn't delete) 1 SpyLocked PUP (SpyLocked.Ink) and 2 SmitFraudFix PUPs (PrcViewer and Generic PUP.g). All three are located in C:\System Volume Information\_restore.Screenshots of each:SpyLocked.InkPrcViewerGeneric PUP.g

Other than that, everything seems to be working fine, other than a red McAfee alert popping up once saying it had blocked SpyLocked.Ink from doing its thing. (this was also located in System Volume Information.)

I apologize if this is in the wrong place, but I'm clueless. Can anyone walk me through what I need to do?

download, update and run Rogue Remover, superantispyware, and clean up the restore points

Restore points: Now you should Set a New Restore Pointto prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then go to Start > Run and type: Cleanmgr

Click "OK".

Click the "More Options" Tab.

Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

The latest version of rogue remover is 1.19, make sure that you update the database, make sure that you do the complete scan for super antispyware, then let it clean everything that it finds. If it needs to restart the computer let it do so.Follow the instructions exactly for the restore points.

I ran Rogue Remover, and SuperAntiSpyware is going. A different McAfee thing just popped up - also called SpyLocked.lnk, but this time it's related to the SuperAntiSpyware process.screenie

What's going on, and which option should I select?

Also, SAS has so far found 33 Adware.Tracking Cookie, 3 Malware.SpyLocked, 6 Trojan.Media-Codec/V3, and 1 Trojan.SmitFraud Variant. This last one sounds a little disturbing. Is there anything else I should know or do?

Trust should be what you select then disable mcafee while you are scanning and removing. the smitfraud variant is normally part of the spylocked. when you get spyware on a computer, it can be difficult to remove, and will sometimes re populate itself. post back here when you are done and I will give a link to an online virus scanner.

Ok, in the last hour I got three more McAfee SpyLocked.lnk alerts. I'm doing the BitDefender thing right now. Might it be helpful to reinstall Rogue Remover and SuperAntiSpyware and make sure I let McAfee allow their stuff to run?

Yes, and make sure that you do the updates and do the system restore reset. It is imperative that you redo your system restore. When you are running the scans make sure that you are disconnected from the net, and that McAfee is disabled. If this does not fix the problem, you will need to post a Hijack this log in the correct forum. Another way to do the system restore reset is:

Navigate to Start, My Computer, R Click, Properties, System restore, Check the turn off System Restore Box., Restart. When the computer is re started, Navigate to Start, My Computer, R Click, Properties, System restore, uncheck the turn off System Restore Box. Immediately make a new, clean system restore point go here for the tutorial: http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Also keep in mind that certain files which are part of the smitfraudfix tool (or other specialized tools), such as process.exe, restart.exe, SmiUpdate.exe, and reboot.exe, may at times be detected by some anti-virus as a "RiskTool", "Hacking tool, "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.